Figure 2-1. IA-32 System-Level Registers and Data Structures Vol. 3 2-3 SYSTEM ARCHITECTURE OVERVIEW...


Transcript of Figure 2-1. IA-32 System-Level Registers and Data Structures Vol. 3 2-3 SYSTEM ARCHITECTURE OVERVIEW...

  • Vol. 3 2-3

    SYSTEM ARCHITECTURE OVERVIEW

    Figure 2-1. IA-32 System-Level Registers and Data Structures

    [Diagram not reproduced. It relates the system registers (EFLAGS, control registers CR0 through CR4, XCR0 (XFEM), GDTR, IDTR, LDTR, task register) to the GDT, LDT, IDT, task-state segments (TSS), the call, interrupt, trap and task gates, and the page directory and page table used to translate a linear address into a physical address.]

    This page mapping example is for 4-KByte pages and the normal 32-bit physical address size.

  • Vol. 3 2-13

    SYSTEM ARCHITECTURE OVERVIEW

    IF Interrupt enable (bit 9) — Controls the response of the processor to maskable hardware interrupt requests (see also: Section 5.3.2, “Maskable Hardware Interrupts”). The flag is set to respond to maskable hardware interrupts; cleared to inhibit maskable hardware interrupts. The IF flag does not affect the generation of exceptions or nonmaskable interrupts (NMI interrupts). The CPL, IOPL, and the state of the VME flag in control register CR4 determine whether the IF flag can be modified by the CLI, STI, POPF, POPFD, and IRET.

    IOPL I/O privilege level field (bits 12 and 13) — Indicates the I/O privilege level (IOPL) of the currently running program or task. The CPL of the currently running program or task must be less than or equal to the IOPL to access the I/O address space. This field can only be modified by the POPF and IRET instructions when operating at a CPL of 0.

    The IOPL is also one of the mechanisms that controls the modification of the IF flag and the handling of interrupts in virtual-8086 mode when virtual mode extensions are in effect (when CR4.VME = 1). See also: Chapter 13, “Input/Output,” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 1.

    NT Nested task (bit 14) — Controls the chaining of interrupted and called tasks. The processor sets this flag on calls to a task initiated with a CALL instruction, an interrupt, or an exception. It examines and modifies this flag on returns from a task initiated with the IRET instruction. The flag can be explicitly set or cleared with the POPF/POPFD instructions; however,

    Figure 2-4. System Flags in the EFLAGS Register

    [Bit-layout diagram of the EFLAGS register, bits 31 through 0, not reproduced. System flags named in the figure:]

    • ID — Identification Flag
    • VIP — Virtual Interrupt Pending
    • VIF — Virtual Interrupt Flag
    • AC — Alignment Check
    • VM — Virtual-8086 Mode
    • RF — Resume Flag
    • NT — Nested Task Flag
    • IOPL — I/O Privilege Level
    • IF — Interrupt Enable Flag
    • TF — Trap Flag

    The remaining bits are marked Reserved or Reserved (set to 0).

  • 2-16 Vol. 3

    SYSTEM ARCHITECTURE OVERVIEW

    2.4.1 Global Descriptor Table Register (GDTR)

    The GDTR register holds the base address (32 bits in protected mode; 64 bits in IA-32e mode) and the 16-bit table limit for the GDT. The base address specifies the linear address of byte 0 of the GDT; the table limit specifies the number of bytes in the table.

    The LGDT and SGDT instructions load and store the GDTR register, respectively. On power up or reset of the processor, the base address is set to the default value of 0 and the limit is set to 0FFFFH. A new base address must be loaded into the GDTR as part of the processor initialization process for protected-mode operation.

    See also: Section 3.5.1, “Segment Descriptor Tables.”

    2.4.2 Local Descriptor Table Register (LDTR)

    The LDTR register holds the 16-bit segment selector, base address (32 bits in protected mode; 64 bits in IA-32e mode), segment limit, and descriptor attributes for the LDT. The base address specifies the linear address of byte 0 of the LDT segment; the segment limit specifies the number of bytes in the segment. See also: Section 3.5.1, “Segment Descriptor Tables.”

    The LLDT and SLDT instructions load and store the segment selector part of the LDTR register, respectively. The segment that contains the LDT must have a segment descriptor in the GDT. When the LLDT instruction loads a segment selector in the LDTR: the base address, limit, and descriptor attributes from the LDT descriptor are automatically loaded in the LDTR.

    When a task switch occurs, the LDTR is automatically loaded with the segment selector and descriptor for the LDT for the new task. The contents of the LDTR are not automatically saved prior to writing the new LDT information into the register.

    On power up or reset of the processor, the segment selector and base address are set to the default value of 0 and the limit is set to 0FFFFH.

    Figure 2-5. Memory Management Registers

    [Diagram not reproduced. System table registers GDTR and IDTR: bits 47(79) through 16 hold the 32(64)-bit linear base address and bits 15 through 0 hold the 16-bit table limit. System segment registers (task register and LDTR): a 16-bit segment selector in bits 15 through 0, plus segment descriptor registers (automatically loaded) holding the 32(64)-bit linear base address, the segment limit, and the attributes.]

  • Vol. 3 2-19

    SYSTEM ARCHITECTURE OVERVIEW

    When loading a control register, reserved bits should always be set to the values previously read. The flags in control registers are:

    PG Paging (bit 31 of CR0) — Enables paging when set; disables paging when clear. When paging is disabled, all linear addresses are treated as physical addresses. The PG flag has no effect if the PE flag (bit 0 of register CR0) is not also set; setting the PG flag when the PE flag is clear causes a general-protection exception (#GP). See also: Section 3.6, “Paging (Virtual Memory) Overview.”

    On Intel 64 processors, enabling and disabling IA-32e mode operation also requires modifying CR0.PG.

    CD Cache Disable (bit 30 of CR0) — When the CD and NW flags are clear, caching of memory locations for the whole of physical memory in the processor’s internal (and external) caches is enabled. When the CD flag is set, caching is restricted as described in Table 10-5. To prevent the processor from accessing and updating its caches, the CD flag must be set and the caches must be invalidated so that no cache hits can occur.

    Figure 2-6. Control Registers

    [Bit-layout diagram not reproduced. Fields named in the figure:]

    • CR0: PG, CD, NW, AM, WP, NE, ET, TS, EM, MP, PE
    • CR1: Reserved
    • CR2: Page-Fault Linear Address
    • CR3 (PDBR): Page-Directory Base, PCD, PWT
    • CR4: OSXSAVE, SMXE, VMXE, OSXMMEXCPT, OSFXSR, PCE, PGE, MCE, PAE, PSE, DE, TSD, PVI, VME

    Each register is 32(64) bits wide; unnamed bits are marked Reserved or Reserved (set to 0).

  • 3-2 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    segment, the segment type, and the location of the first byte of the segment in the linear address space (called the base address of the segment). The offset part of the logical address is added to the base address for the segment to locate a byte within the segment. The base address plus the offset thus forms a linear address in the processor’s linear address space.

    If paging is not used, the linear address space of the processor is mapped directly into the physical address space of processor. The physical address space is defined as the range of addresses that the processor can generate on its address bus.

    Because multitasking computing systems commonly define a linear address space much larger than it is economically feasible to contain all at once in physical memory, some method of “virtualizing” the linear address space is needed. This virtualization of the linear address space is handled through the processor’s paging mechanism.

    Paging supports a “virtual memory” environment where a large linear address space is simulated with a small amount of physical memory (RAM and ROM) and some disk

    Figure 3-1. Segmentation and Paging

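    [Diagram not reproduced. Segmentation: a logical address (or far pointer) consists of a segment selector and an offset; the selector picks a segment descriptor in the Global Descriptor Table (GDT), and the segment base address plus the offset gives a linear address in the linear address space. Paging: the linear address is split into Dir, Table and Offset fields, which select a page-directory entry, a page-table entry, and a physical address within a page of the physical address space.]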

  • 3-4 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    FFFF_FFF0H. RAM (DRAM) is placed at the bottom of the address space because the initial base address for the DS data segment after reset initialization is 0.

    3.2.2 Protected Flat Model

    The protected flat model is similar to the basic flat model, except the segment limits are set to include only the range of addresses for which physical memory actually exists (see Figure 3-3). A general-protection exception (#GP) is then generated on any attempt to access nonexistent memory. This model provides a minimum level of hardware protection against some kinds of program bugs.

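    Figure 3-2. Flat Model

    [Diagram not reproduced. The segment registers CS, SS, DS, ES, FS and GS reference code- and data-segment descriptors (access, limit, base address) that map code, data and stack onto the linear address space (or physical memory) from 0 to FFFFFFFFH; part of that range is marked Not Present.]

    Figure 3-3. Protected Flat Model

    [Diagram not reproduced. The segment registers CS, ES, SS, DS, FS and GS reference segment descriptors (access, limit, base address) whose limits cover code, data and stack, and memory I/O, within the linear address space (or physical memory) from 0 to FFFFFFFFH; the rest is marked Not Present.]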

  • Vol. 3 3-9

    PROTECTED-MODE MEMORY MANAGEMENT

    If paging is not used, the processor maps the linear address directly to a physical address (that is, the linear address goes out on the processor’s address bus). If the linear address space is paged, a second level of address translation is used to translate the linear address into a physical address.

    See also: Section 3.6, “Paging (Virtual Memory) Overview”.

    3.4.1 Logical Address Translation in IA-32e Mode

    In IA-32e mode, an Intel 64 processor uses the steps described above to translate a logical address to a linear address. In 64-bit mode, the offset and base address of the segment are 64-bits instead of 32 bits. The linear address format is also 64 bits wide and is subject to the canonical form requirement.

    Each code segment descriptor provides an L bit. This bit allows a code segment to execute 64-bit code or legacy 32-bit code by code segment.

    3.4.2 Segment Selectors

    A segment selector is a 16-bit identifier for a segment (see Figure 3-6). It does not point directly to the segment, but instead points to the segment descriptor that defines the segment. A segment selector contains the following items:

    Index (Bits 3 through 15) — Selects one of 8192 descriptors in the GDT or LDT. The processor multiplies the index value by 8 (the number of bytes in a segment descriptor) and adds the result to the base address of the GDT or LDT (from the GDTR or LDTR register, respectively).

    Figure 3-5. Logical Address to Linear Address Translation

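    [Diagram not reproduced. The 16-bit segment selector of the logical address selects a segment descriptor in a descriptor table; the base address from that descriptor is added to the 32(64)-bit offset (effective address) to form the 32(64)-bit linear address.]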

  • 3-10 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    TI (table indicator) flag (Bit 2) — Specifies the descriptor table to use: clearing this flag selects the GDT; setting this flag selects the current LDT.

    Requested Privilege Level (RPL) (Bits 0 and 1) — Specifies the privilege level of the selector. The privilege level can range from 0 to 3, with 0 being the most privileged level. See Section 4.5, “Privilege Levels”, for a description of the relationship of the RPL to the CPL of the executing program (or task) and the descriptor privilege level (DPL) of the descriptor the segment selector points to.

    The first entry of the GDT is not used by the processor. A segment selector that points to this entry of the GDT (that is, a segment selector with an index of 0 and the TI flag set to 0) is used as a “null segment selector.” The processor does not generate an exception when a segment register (other than the CS or SS registers) is loaded with a null selector. It does, however, generate an exception when a segment register holding a null selector is used to access memory. A null selector can be used to initialize unused segment registers. Loading the CS or SS register with a null segment selector causes a general-protection exception (#GP) to be generated.

    Segment selectors are visible to application programs as part of a pointer variable, but the values of selectors are usually assigned or modified by link editors or linking loaders, not application programs.

    3.4.3 Segment Registers

    To reduce address translation time and coding complexity, the processor provides registers for holding up to 6 segment selectors (see Figure 3-7). Each of these segment registers supports a specific kind of memory reference (code, stack, or data). For virtually any kind of program execution to take place, at least the code-segment (CS), data-segment (DS), and stack-segment (SS) registers must be loaded with valid segment selectors. The processor also provides three additional data-segment registers (ES, FS, and GS), which can be used to make additional data segments available to the currently executing program (or task).

    Figure 3-6. Segment Selector

    • Bits 15 through 3: Index
    • Bit 2: TI, Table Indicator (0 = GDT, 1 = LDT)
    • Bits 1 and 0: RPL, Requested Privilege Level

  • Vol. 3 3-13

    PROTECTED-MODE MEMORY MANAGEMENT

    3.4.5 Segment Descriptors

    A segment descriptor is a data structure in a GDT or LDT that provides the processor with the size and location of a segment, as well as access control and status information. Segment descriptors are typically created by compilers, linkers, loaders, or the operating system or executive, but not application programs. Figure 3-8 illustrates the general descriptor format for all types of segment descriptors.

    The flags and fields in a segment descriptor are as follows:

    Segment limit field — Specifies the size of the segment. The processor puts together the two segment limit fields to form a 20-bit value. The processor interprets the segment limit in one of two ways, depending on the setting of the G (granularity) flag:

    • If the granularity flag is clear, the segment size can range from 1 byte to 1 MByte, in byte increments.

    • If the granularity flag is set, the segment size can range from 4 KBytes to 4 GBytes, in 4-KByte increments.

    The processor uses the segment limit in two different ways, depending on whether the segment is an expand-up or an expand-down segment. See Section 3.4.5.1, “Code- and Data-Segment Descriptor Types”, for more information about segment types. For expand-up segments, the offset in a logical address can range from 0

    Figure 3-8. Segment Descriptor

    [Bit-layout diagram not reproduced. The doubleword at offset 0 holds Base Address 15:00 in bits 31 through 16 and Segment Limit 15:00 in bits 15 through 0. The doubleword at offset 4 holds, from bit 31 down to bit 0: Base 31:24, G, D/B, L, AVL, Seg. Limit 19:16, P, DPL, S, Type, Base 23:16.]

    • L — 64-bit code segment (IA-32e mode only)
    • AVL — Available for use by system software
    • BASE — Segment base address
    • D/B — Default operation size (0 = 16-bit segment; 1 = 32-bit segment)
    • DPL — Descriptor privilege level
    • G — Granularity
    • LIMIT — Segment Limit
    • P — Segment present
    • S — Descriptor type (0 = system; 1 = code or data)
    • TYPE — Segment type

  • Vol. 3 3-17

    PROTECTED-MODE MEMORY MANAGEMENT

    Stack segments are data segments which must be read/write segments. Loading the SS register with a segment selector for a nonwritable data segment generates a general-protection exception (#GP). If the size of a stack segment needs to be changed dynamically, the stack segment can be an expand-down data segment (expansion-direction flag set). Here, dynamically changing the segment limit causes stack space to be added to the bottom of the stack. If the size of a stack segment is intended to remain static, the stack segment may be either an expand-up or expand-down type.

    The accessed bit indicates whether the segment has been accessed since the last time the operating-system or executive cleared the bit. The processor sets this bit whenever it loads a segment selector for the segment into a segment register, assuming that the type of memory that contains the segment descriptor supports processor writes. The bit remains set until explicitly cleared. This bit can be used both for virtual memory management and for debugging.

    Table 3-1. Code- and Data-Segment Types

    Type Field                 Descriptor Type  Description
    Decimal  11  10  9   8
                 E   W   A
    0        0   0   0   0     Data             Read-Only
    1        0   0   0   1     Data             Read-Only, accessed
    2        0   0   1   0     Data             Read/Write
    3        0   0   1   1     Data             Read/Write, accessed
    4        0   1   0   0     Data             Read-Only, expand-down
    5        0   1   0   1     Data             Read-Only, expand-down, accessed
    6        0   1   1   0     Data             Read/Write, expand-down
    7        0   1   1   1     Data             Read/Write, expand-down, accessed
                 C   R   A
    8        1   0   0   0     Code             Execute-Only
    9        1   0   0   1     Code             Execute-Only, accessed
    10       1   0   1   0     Code             Execute/Read
    11       1   0   1   1     Code             Execute/Read, accessed
    12       1   1   0   0     Code             Execute-Only, conforming
    13       1   1   0   1     Code             Execute-Only, conforming, accessed
    14       1   1   1   0     Code             Execute/Read, conforming
    15       1   1   1   1     Code             Execute/Read, conforming, accessed
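
Added example, not part of the Intel manual text: Sections 3.4.2 and 3.4.5 and Table 3-1 above describe how a selector's Index, TI and RPL fields locate an 8-byte descriptor and how the descriptor's split base, limit and flag fields are put together, and this C program does both over a constructed four-entry GDT. The byte values in `sample_gdt` and every function, struct and error name are assumptions of the example; the check against the table limit is the architectural bounds check, which the excerpt does not spell out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct selector { unsigned index, ti, rpl; };   /* bits 15:3, bit 2, bits 1:0 */

struct seg_desc {
    uint32_t base;      /* Base 31:24, Base 23:16 and Base 15:00 joined */
    uint32_t limit;     /* 20-bit limit as stored in the descriptor */
    uint32_t last_off;  /* highest valid offset of an expand-up segment */
    unsigned type, s, dpl, p, avl, l, db, g;
};

/* A descriptor table as GDTR/LDTR describe it: base and last valid byte offset. */
struct table { const uint8_t *bytes; uint32_t limit; };

enum { LOOKUP_OK = 0, ERR_NULL = -1, ERR_LIMIT = -2, ERR_NO_TABLE = -3 };

struct selector decode_selector(uint16_t sel)
{
    struct selector s = { (unsigned)sel >> 3, ((unsigned)sel >> 2) & 1u, sel & 3u };
    return s;
}

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

struct seg_desc decode_descriptor(const uint8_t raw[8])
{
    uint32_t lo = le32(raw), hi = le32(raw + 4);
    struct seg_desc d;
    d.base  = (lo >> 16) | ((hi & 0xFFu) << 16) | (hi & 0xFF000000u);
    d.limit = (lo & 0xFFFFu) | (hi & 0x000F0000u);
    d.type = (hi >> 8) & 0xF;   d.s  = (hi >> 12) & 1;
    d.dpl  = (hi >> 13) & 3;    d.p  = (hi >> 15) & 1;
    d.avl  = (hi >> 20) & 1;    d.l  = (hi >> 21) & 1;
    d.db   = (hi >> 22) & 1;    d.g  = (hi >> 23) & 1;
    /* G clear: limit counts bytes. G set: limit counts 4-KByte units. */
    d.last_off = d.g ? (d.limit << 12) | 0xFFFu : d.limit;
    return d;
}

/* Spell out a code/data type field (S = 1) from its four bits, as in Table 3-1. */
const char *describe_type(unsigned type, char *buf, size_t n)
{
    int code = (type >> 3) & 1;
    snprintf(buf, n, "%s%s%s",
             code ? ((type & 2) ? "Code Execute/Read" : "Code Execute-Only")
                  : ((type & 2) ? "Data Read/Write" : "Data Read-Only"),
             (type & 4) ? (code ? ", conforming" : ", expand-down") : "",
             (type & 1) ? ", accessed" : "");
    return buf;
}

/* Resolve a selector: TI picks the table, Index * 8 is the byte offset. */
int lookup(const struct table *gdt, const struct table *ldt, uint16_t sel,
           struct seg_desc *out)
{
    struct selector s = decode_selector(sel);
    const struct table *t = s.ti ? ldt : gdt;
    if (s.index == 0 && s.ti == 0) return ERR_NULL;      /* null segment selector */
    if (t == NULL || t->bytes == NULL) return ERR_NO_TABLE;
    uint32_t off = s.index * 8u;
    if (off + 7 > t->limit) return ERR_LIMIT;            /* descriptor past table end */
    *out = decode_descriptor(t->bytes + off);
    return LOOKUP_OK;
}

/* Constructed sample: a four-entry flat-model GDT (not taken from the page). */
static const uint8_t sample_gdt[32] = {
    0, 0, 0, 0, 0, 0, 0, 0,                           /* 0: unused first entry      */
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xCF, 0x00,   /* 1: code, DPL 0, G = 1      */
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0x92, 0xCF, 0x00,   /* 2: data, DPL 0, G = 1      */
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0xF2, 0x40, 0x00,   /* 3: data, DPL 3, G = 0      */
};
static const struct table sample_gdtr = { sample_gdt, sizeof sample_gdt - 1 };

int main(void)
{
    const uint16_t sels[] = { 0x0008, 0x0010, 0x001B, 0x0003, 0x0020, 0x000C };
    char buf[64];
    for (size_t i = 0; i < sizeof sels / sizeof sels[0]; i++) {
        struct selector s = decode_selector(sels[i]);
        struct seg_desc d;
        int rc = lookup(&sample_gdtr, NULL, sels[i], &d);
        printf("sel %04X: index=%u TI=%u RPL=%u -> ", sels[i], s.index, s.ti, s.rpl);
        if (rc != LOOKUP_OK) { printf("rejected (%d)\n", rc); continue; }
        printf("base=%08X last_off=%08X DPL=%u P=%u %s\n", (unsigned)d.base,
               (unsigned)d.last_off, d.dpl, d.p, describe_type(d.type, buf, sizeof buf));
    }
    return 0;
}
```

`last_off` is only meaningful for expand-up segments; expand-down data segments (types 4 through 7) interpret the limit differently.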

  • Vol. 3 3-19

    PROTECTED-MODE MEMORY MANAGEMENT

    • Task-state segment (TSS) descriptor.
    • Call-gate descriptor.
    • Interrupt-gate descriptor.
    • Trap-gate descriptor.
    • Task-gate descriptor.

    These descriptor types fall into two categories: system-segment descriptors and gate descriptors. System-segment descriptors point to system segments (LDT and TSS segments). Gate descriptors are in themselves “gates,” which hold pointers to procedure entry points in code segments (call, interrupt, and trap gates) or which hold segment selectors for TSS’s (task gates).

    Table 3-2 shows the encoding of the type field for system-segment descriptors and gate descriptors. Note that system descriptors in IA-32e mode are 16 bytes instead of 8 bytes.

    Table 3-2. System-Segment and Gate-Descriptor Types

    Type Field                 Description
    Decimal  11  10  9   8     32-Bit Mode               IA-32e Mode
    0        0   0   0   0     Reserved                  Upper 8 bytes of a 16-byte descriptor
    1        0   0   0   1     16-bit TSS (Available)    Reserved
    2        0   0   1   0     LDT                       LDT
    3        0   0   1   1     16-bit TSS (Busy)         Reserved
    4        0   1   0   0     16-bit Call Gate          Reserved
    5        0   1   0   1     Task Gate                 Reserved
    6        0   1   1   0     16-bit Interrupt Gate     Reserved
    7        0   1   1   1     16-bit Trap Gate          Reserved
    8        1   0   0   0     Reserved                  Reserved
    9        1   0   0   1     32-bit TSS (Available)    64-bit TSS (Available)
    10       1   0   1   0     Reserved                  Reserved
    11       1   0   1   1     32-bit TSS (Busy)         64-bit TSS (Busy)
    12       1   1   0   0     32-bit Call Gate          64-bit Call Gate
    13       1   1   0   1     Reserved                  Reserved
    14       1   1   1   0     32-bit Interrupt Gate     64-bit Interrupt Gate
    15       1   1   1   1     32-bit Trap Gate          64-bit Trap Gate

  • 3-20 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    See also: Section 3.5.1, “Segment Descriptor Tables”, and Section 6.2.2, “TSS Descriptor” (for more information on the system-segment descriptors); see Section 4.8.3, “Call Gates”, Section 5.11, “IDT Descriptors”, and Section 6.2.5, “Task-Gate Descriptor” (for more information on the gate descriptors).

    3.5.1 Segment Descriptor Tables

    A segment descriptor table is an array of segment descriptors (see Figure 3-10). A descriptor table is variable in length and can contain up to 8192 (2^13) 8-byte descriptors. There are two kinds of descriptor tables:

    • The global descriptor table (GDT)
    • The local descriptor tables (LDT)

    Figure 3-10. Global and Local Descriptor Tables

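    [Diagram not reproduced. The TI flag of the segment selector chooses the table: TI = 0 selects the Global Descriptor Table (GDT), located by the base address and limit in the GDTR register; TI = 1 selects the Local Descriptor Table (LDT), located by the segment selector, base address and limit in the LDTR register. Descriptors sit at byte offsets 0, 8, 16, 24, 32, 40, 48, 56 and so on in each table. The first descriptor in the GDT is not used.]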

  • 3-22 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    3.5.2 Segment Descriptor Tables in IA-32e Mode

    In IA-32e mode, a segment descriptor table can contain up to 8192 (2^13) 8-byte descriptors. An entry in the segment descriptor table can be 8 bytes. System descriptors are expanded to 16 bytes (occupying the space of two entries).

    The GDTR and LDTR registers are expanded to hold a 64-bit base address. The corresponding pseudo-descriptor is 80 bits (see the bottom diagram in Figure 3-11).

    The following system descriptors expand to 16 bytes:

    — Call gate descriptors (see Section 4.8.3.1, “IA-32e Mode Call Gates”)

    — IDT gate descriptors (see Section 5.14.1, “64-Bit Mode IDT”)

    — LDT and TSS descriptors (see Section 6.2.3, “TSS Descriptor in 64-bit mode”).

    3.6 PAGING (VIRTUAL MEMORY) OVERVIEW

    When operating in protected mode, IA-32 architecture permits linear address space to be mapped directly into a large physical memory (for example, 4 GBytes of RAM) or indirectly (using paging) into a smaller physical memory and disk storage. This latter method of mapping the linear address space is referred to as virtual memory or demand-paged virtual memory.

    When paging is used, the processor divides the linear address space into fixed-size pages (of 4 KBytes, 2 MBytes, or 4 MBytes in length) that can be mapped into physical memory and/or disk storage. When a program (or task) references a logical address in memory, the processor translates the address into a linear address and then uses its paging mechanism to translate the linear address into a corresponding physical address.

    If the page containing the linear address is not currently in physical memory, the processor generates a page-fault exception (#PF). The exception handler for the page-fault exception typically directs the operating system or executive to load the page from disk storage into physical memory (perhaps writing a different page from physical memory out to disk in the process). When the page has been loaded in physical memory, a return from the exception handler causes the instruction that gener-

    Figure 3-11. Pseudo-Descriptor Formats

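    • 32-bit form: bits 47 through 16 hold the 32-bit base address; bits 15 through 0 hold the limit.
    • 64-bit form: bits 79 through 16 hold the 64-bit base address; bits 15 through 0 hold the limit.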

  • 3-26 Vol. 3

    PROTECTED-MODE MEMORY MANAGEMENT

    3.7.1 Linear Address Translation (4-KByte Pages)

    Figure 3-12 shows the page directory and page-table hierarchy when mapping linear addresses to 4-KByte pages. The entries in the page directory point to page tables, and the entries in a page table point to pages in physical memory. This paging method can be used to address up to 2^20 pages, which spans a linear address space of 2^32 bytes (4 GBytes).

    To select the various table entries, the linear address is divided into three sections:

    • Page-directory entry — Bits 22 through 31 provide an offset to an entry in the page directory. The selected entry provides the base physical address of a page table.

    • Page-table entry — Bits 12 through 21 of the linear address provide an offset to an entry in the selected page table. This entry provides the base physical address of a page in physical memory.

    • Page offset — Bits 0 through 11 provide an offset to a physical address in the page.

    Memory management software has the option of using one page directory for all programs and tasks, one page directory for each task, or some combination of the two.

    Figure 3-12. Linear Address Translation (4-KByte Pages)

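    [Diagram not reproduced. CR3 (PDBR) locates the page directory. The 10-bit Directory field of the linear address (bits 31 through 22) selects a directory entry, which locates a page table; the 10-bit Table field (bits 21 through 12) selects a page-table entry, which locates a 4-KByte page; the 12-bit Offset field (bits 11 through 0) selects the physical address within that page. The directory and page-table entries each supply a 20-bit pointer. 1024 PDE ∗ 1024 PTE = 2^20 pages.]

    *32 bits aligned onto a 4-KByte boundary.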

  • Vol. 3 3-29

    PROTECTED-MODE MEMORY MANAGEMENT

    addresses are being used. The functions of the flags and fields in the entries in Figures 3-14 and 3-15 are as follows:

    Page base address, bits 12 through 32 (Page-table entries for 4-KByte pages) — Specifies the physical address of the first byte of a 4-KByte page. The bits in this field are interpreted as the 20 most-significant bits of the physical address, which forces pages to be aligned on 4-KByte boundaries.

    (Page-directory entries for 4-KByte page tables) — Specifies the physical address of the first byte of a page table. The bits in this field

    Figure 3-14. Format of Page-Directory and Page-Table Entries for 4-KByte Pages and 32-Bit Physical Addresses

    Page-Directory Entry (4-KByte Page Table)

    • Bits 31 through 12: Page-Table Base Address
    • Bits 11 through 9 (Avail): Available for system programmer’s use
    • Bit 8 (G): Global page (Ignored)
    • Bit 7 (PS): Page size (0 indicates 4 KBytes)
    • Bit 6 (AVL): Available
    • Bit 5 (A): Accessed
    • Bit 4 (PCD): Cache disabled
    • Bit 3 (PWT): Write-through
    • Bit 2 (U/S): User/Supervisor
    • Bit 1 (R/W): Read/Write
    • Bit 0 (P): Present

    Page-Table Entry (4-KByte Page)

    • Bits 31 through 12: Page Base Address
    • Bits 11 through 9 (Avail): Available for system programmer’s use
    • Bit 8 (G): Global Page
    • Bit 7 (PAT): Page Table Attribute Index
    • Bit 6 (D): Dirty
    • Bit 5 (A): Accessed
    • Bit 4 (PCD): Cache Disabled
    • Bit 3 (PWT): Write-Through
    • Bit 2 (U/S): User/Supervisor
    • Bit 1 (R/W): Read/Write
    • Bit 0 (P): Present
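
Added example, not part of the Intel manual text: the two-level walk of Section 3.7.1 combined with the Present, Read/Write and User/Supervisor flags of Figure 3-14, run over a constructed page directory and page table held in a small array that stands in for physical memory. All names, addresses and mappings are assumptions of the example, and the access rules (a right must be granted at both levels; supervisor writes to read-only pages fault only when CR0.WP is set) come from the manual's page-protection rules rather than from the excerpt above.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_P    0x001u        /* Present */
#define PG_RW   0x002u        /* Read/Write */
#define PG_US   0x004u        /* User/Supervisor */
#define PDE_PS  0x080u        /* Page size (0 indicates 4 KBytes) */
#define PG_BASE 0xFFFFF000u   /* bits 31:12: page-table or page base address */

enum { WALK_OK = 0, PDE_NOT_PRESENT = -1, PTE_NOT_PRESENT = -2,
       PROTECTION = -3, NOT_4K = -4 };

/* Constructed "physical memory": 8 frames of 4 KBytes, addressed from 0. */
#define FRAMES 8
static uint32_t phys[FRAMES * 1024];

static uint32_t read32(uint32_t pa)
{
    /* Anything outside the simulated RAM reads as 0, i.e. not present. */
    return pa / 4 < FRAMES * 1024 ? phys[pa / 4] : 0;
}
static void write32(uint32_t pa, uint32_t v) { phys[pa / 4] = v; }

/* Translate a linear address for a 4-KByte page.
   user:  1 for a user-mode access, 0 for supervisor.
   write: 1 for a write, 0 for a read.
   wp:    value of CR0.WP. */
int walk(uint32_t cr3, uint32_t lin, int user, int write, int wp, uint32_t *pa)
{
    uint32_t dir = lin >> 22;             /* bits 31:22 index the page directory */
    uint32_t tbl = (lin >> 12) & 0x3FFu;  /* bits 21:12 index the page table     */
    uint32_t off = lin & 0xFFFu;          /* bits 11:0 are the page offset       */

    uint32_t pde = read32((cr3 & PG_BASE) + dir * 4);
    if (!(pde & PG_P)) return PDE_NOT_PRESENT;
    if (pde & PDE_PS) return NOT_4K;      /* large page: outside this example */

    uint32_t pte = read32((pde & PG_BASE) + tbl * 4);
    if (!(pte & PG_P)) return PTE_NOT_PRESENT;

    uint32_t both = pde & pte;            /* a right holds only if both levels grant it */
    if (user && !(both & PG_US)) return PROTECTION;
    if (write && !(both & PG_RW) && (user || wp)) return PROTECTION;

    *pa = (pte & PG_BASE) | off;
    return WALK_OK;
}

/* Constructed mappings; returns the value to use as CR3 (PDBR). */
uint32_t build_sample(void)
{
    const uint32_t pd = 0x1000, pt = 0x2000;
    write32(pd + 1 * 4, pt | PG_P | PG_RW | PG_US);      /* covers 0x00400000-0x007FFFFF */
    write32(pt + 1 * 4, 0x5000 | PG_P | PG_RW | PG_US);  /* 0x00401000: user, read/write */
    write32(pt + 2 * 4, 0x6000 | PG_P | PG_US);          /* 0x00402000: user, read-only  */
    write32(pt + 3 * 4, 0x7000 | PG_P | PG_RW);          /* 0x00403000: supervisor only  */
    return pd;
}

int main(void)
{
    static const struct { uint32_t lin; int user, write, wp; } t[] = {
        { 0x00401ABC, 1, 1, 0 }, { 0x00402010, 1, 1, 0 }, { 0x00402010, 0, 1, 1 },
        { 0x00403000, 1, 0, 0 }, { 0x00404000, 0, 0, 0 }, { 0x00800000, 0, 0, 0 },
    };
    uint32_t cr3 = build_sample();
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        uint32_t pa = 0;
        int rc = walk(cr3, t[i].lin, t[i].user, t[i].write, t[i].wp, &pa);
        printf("lin %08X %s %s WP=%d -> rc=%d pa=%08X\n", (unsigned)t[i].lin,
               t[i].user ? "user" : "supervisor", t[i].write ? "write" : "read",
               t[i].wp, rc, (unsigned)pa);
    }
    return 0;
}
```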

  • Vol. 3 6-5

    TASK MANAGEMENT

    The processor updates dynamic fields when a task is suspended during a task switch. The following are dynamic fields:

    • General-purpose register fields — State of the EAX, ECX, EDX, EBX, ESP, EBP, ESI, and EDI registers prior to the task switch.

    • Segment selector fields — Segment selectors stored in the ES, CS, SS, DS, FS, and GS registers prior to the task switch.

    • EFLAGS register field — State of the EFLAGS register prior to the task switch.

    Figure 6-2. 32-Bit Task-State Segment (TSS)

    [Layout diagram not reproduced. The 32-bit TSS is drawn as 32-bit rows at byte offsets 0 through 100 in steps of 4. Fields named in the figure: Previous Task Link; ESP0, SS0, ESP1, SS1, ESP2, SS2; CR3 (PDBR); EIP; EFLAGS; EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI; ES, CS, SS, DS, FS, GS; LDT Segment Selector; T; I/O Map Base Address. The unused halves of the rows are marked Reserved.]

    Reserved bits. Set to 0.

  • Vol. 3 6-7

    TASK MANAGEMENT

    • Task switches are carried out faster if the pages containing these structures are present in memory before the task switch is initiated.

    6.2.2 TSS Descriptor

    The TSS, like all other segments, is defined by a segment descriptor. Figure 6-3 shows the format of a TSS descriptor. TSS descriptors may only be placed in the GDT; they cannot be placed in an LDT or the IDT.

    An attempt to access a TSS using a segment selector with its TI flag set (which indicates the current LDT) causes a general-protection exception (#GP) to be generated during CALLs and JMPs; it causes an invalid TSS exception (#TS) during IRETs. A general-protection exception is also generated if an attempt is made to load a segment selector for a TSS into a segment register.

    The busy flag (B) in the type field indicates whether the task is busy. A busy task is currently running or suspended. A type field with a value of 1001B indicates an inactive task; a value of 1011B indicates a busy task. Tasks are not recursive. The processor uses the busy flag to detect an attempt to call a task whose execution has been interrupted. To ensure that only one busy flag is associated with a task, each TSS should have only one TSS descriptor that points to it.

    The base, limit, and DPL fields and the granularity and present flags have functions similar to their use in data-segment descriptors (see Section 3.4.5, “Segment Descriptors”). When the G flag is 0 in a TSS descriptor for a 32-bit TSS, the limit field must have a value equal to or greater than 67H, one byte less than the minimum size

    Figure 6-3. TSS Descriptor

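    [Bit-layout diagram not reproduced. The doubleword at offset 0 holds Base Address 15:00 in bits 31 through 16 and Segment Limit 15:00 in bits 15 through 0. The doubleword at offset 4 holds, from bit 31 down to bit 0: Base 31:24, G, AVL, Limit 19:16, P, DPL, Type (10B1, where B is the busy flag), Base 23:16.]

    • AVL — Available for use by system software
    • B — Busy flag
    • BASE — Segment Base Address
    • DPL — Descriptor Privilege Level
    • G — Granularity
    • LIMIT — Segment Limit
    • P — Segment Present
    • TYPE — Segment Type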

  • Vol. 3 6-11

    TASK MANAGEMENT

    6.2.5 Task-Gate Descriptor

    A task-gate descriptor provides an indirect, protected reference to a task (see Figure 6-6). It can be placed in the GDT, an LDT, or the IDT. The TSS segment selector field in a task-gate descriptor points to a TSS descriptor in the GDT. The RPL in this segment selector is not used.

    The DPL of a task-gate descriptor controls access to the TSS descriptor during a task switch. When a program or procedure makes a call or jump to a task through a task gate, the CPL and the RPL field of the gate selector pointing to the task gate must be less than or equal to the DPL of the task-gate descriptor. Note that when a task gate is used, the DPL of the destination TSS descriptor is not used.

    A task can be accessed either through a task-gate descriptor or a TSS descriptor. Both of these structures satisfy the following needs:

    • Need for a task to have only one busy flag — Because the busy flag for a task is stored in the TSS descriptor, each task should have only one TSS descriptor. There may, however, be several task gates that reference the same TSS descriptor.

    • Need to provide selective access to tasks — Task gates fill this need, because they can reside in an LDT and can have a DPL that is different from the TSS descriptor's DPL. A program or procedure that does not have sufficient privilege to access the TSS descriptor for a task in the GDT (which usually has a DPL of 0) may be allowed access to the task through a task gate with a higher DPL. Task gates give the operating system greater latitude for limiting access to specific tasks.

    • Need for an interrupt or exception to be handled by an independent task — Task gates may also reside in the IDT, which allows interrupts and exceptions

    Figure 6-6. Task-Gate Descriptor

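    [Bit-layout diagram not reproduced. The doubleword at offset 0 holds the TSS Segment Selector in bits 31 through 16. The doubleword at offset 4 holds P in bit 15, DPL in bits 14 and 13, and Type in bits 12 through 8. All other bits are marked Reserved.]

    • DPL — Descriptor Privilege Level
    • P — Segment Present
    • TYPE — Segment Type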
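
Added example, not part of the Intel manual text: the rules of Sections 6.2.2 and 6.2.5 above (TSS descriptors live only in the GDT, a busy TSS cannot be called, a 32-bit TSS with G = 0 needs a limit of at least 67H, and a task gate is checked against the gate's DPL while the TSS descriptor's DPL is not used) written as a validation routine over a constructed GDT. The descriptor bytes, the verdict names and the order in which the checks run are assumptions of the example, which models a GDT only, so any selector with TI = 1 is rejected.

```c
#include <stdint.h>
#include <stdio.h>

enum verdict { ALLOW, DENY_TI, DENY_RANGE, DENY_TYPE, DENY_PRIV,
               DENY_NOT_PRESENT, DENY_BUSY, DENY_LIMIT };

#define TYPE_TASK_GATE 0x5u   /* 0101B in Table 3-2 */
#define TYPE_TSS_AVAIL 0x9u   /* 1001B: 32-bit TSS (Available) */
#define TYPE_TSS_BUSY  0xBu   /* 1011B: 32-bit TSS (Busy) */

struct sysdesc { unsigned type, s, dpl, p, g; uint32_t limit; uint16_t gate_sel; };

/* Read the fields this check needs from the descriptor a selector names. */
static enum verdict fetch(const uint8_t *gdt, uint32_t gdt_limit, uint16_t sel,
                          struct sysdesc *d)
{
    uint32_t index = (uint32_t)sel >> 3, off = index * 8;
    if (sel & 4) return DENY_TI;                       /* TI = 1: not in the GDT */
    if (index == 0 || off + 7 > gdt_limit) return DENY_RANGE;
    const uint8_t *r = gdt + off;
    d->type = r[5] & 0xF;       d->s = (r[5] >> 4) & 1;
    d->dpl  = (r[5] >> 5) & 3;  d->p = r[5] >> 7;
    d->g    = r[6] >> 7;
    d->limit = r[0] | (uint32_t)r[1] << 8 | (uint32_t)(r[6] & 0xF) << 16;
    d->gate_sel = (uint16_t)(r[2] | r[3] << 8);        /* meaningful for task gates only */
    return ALLOW;
}

static enum verdict check_tss(const struct sysdesc *t)
{
    if (t->s != 0 || (t->type != TYPE_TSS_AVAIL && t->type != TYPE_TSS_BUSY))
        return DENY_TYPE;
    if (!t->p) return DENY_NOT_PRESENT;
    if (t->type == TYPE_TSS_BUSY) return DENY_BUSY;    /* tasks are not recursive */
    if (t->g == 0 && t->limit < 0x67) return DENY_LIMIT;
    return ALLOW;
}

/* Would a CALL or JMP through selector `sel` at privilege `cpl` reach a task? */
enum verdict check_task_call(const uint8_t *gdt, uint32_t gdt_limit,
                             uint16_t sel, unsigned cpl)
{
    struct sysdesc d, tss;
    unsigned rpl = sel & 3, eff = cpl > rpl ? cpl : rpl;
    enum verdict v = fetch(gdt, gdt_limit, sel, &d);
    if (v != ALLOW) return v;
    if (d.s != 0) return DENY_TYPE;
    if (eff > d.dpl) return DENY_PRIV;     /* gate DPL for a gate, TSS DPL if direct */
    if (d.type != TYPE_TASK_GATE) return check_tss(&d);
    if (!d.p) return DENY_NOT_PRESENT;
    v = fetch(gdt, gdt_limit, d.gate_sel, &tss);   /* RPL of gate_sel is not used */
    return v != ALLOW ? v : check_tss(&tss);       /* TSS DPL is not used here */
}

/* Constructed sample GDT (not taken from the page). */
static const uint8_t sample_gdt[56] = {
    0, 0, 0, 0, 0, 0, 0, 0,              /* 0x00: unused first entry               */
    0x67, 0, 0, 0, 0x01, 0x89, 0, 0,     /* 0x08: 32-bit TSS, available, DPL 0     */
    0, 0, 0x08, 0, 0, 0xE5, 0, 0,        /* 0x10: task gate, DPL 3, TSS sel 0x08   */
    0x67, 0, 0, 0, 0x02, 0x8B, 0, 0,     /* 0x18: 32-bit TSS, busy, DPL 0          */
    0x40, 0, 0, 0, 0x03, 0x89, 0, 0,     /* 0x20: TSS with limit 40H (below 67H)   */
    0, 0, 0x08, 0, 0, 0x85, 0, 0,        /* 0x28: task gate, DPL 0, TSS sel 0x08   */
    0, 0, 0x0C, 0, 0, 0xE5, 0, 0,        /* 0x30: task gate whose TSS sel has TI=1 */
};

int main(void)
{
    static const struct { uint16_t sel; unsigned cpl; } t[] = {
        { 0x000B, 3 }, { 0x0013, 3 }, { 0x002B, 3 }, { 0x0028, 0 },
        { 0x0018, 0 }, { 0x0020, 0 }, { 0x0033, 3 }, { 0x0038, 0 },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("sel %04X at CPL %u -> verdict %d\n", t[i].sel, t[i].cpl,
               check_task_call(sample_gdt, sizeof sample_gdt - 1, t[i].sel, t[i].cpl));
    return 0;
}
```

The CPL 3 caller is refused the DPL 0 TSS descriptor directly (selector 000BH) but reaches the same task through the DPL 3 task gate (selector 0013H), which is the selective access Section 6.2.5 describes.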
